Monday, February 4, 2013

Chrome tough on http in https - how to get round it

Some students and myself have noticed our dropbox hosted html files failing in Chrome when trying to load bits of JavaScript recently ("The page at XYZ ran insecure content from ABC"). The problem seems to be that your standard dropbox public URL link defaults to secure http, i.e. https:// ... whereas the file that you might have dropped in your dropbox Public folder might be trying to pull in some CSS and JavaScript files over simple unsecure http. On Firefox no problem, but on Chrome this is now flagged as insecure, the files are not pulled in and you get a lack of CSS and JavaScript errors due to libraries not being loaded.

The quick fix (if you can't switch all the CSS and JavaScript libraries to https), is to remove the "s" from the http, and download insecurely from dropbox. Not that this is a big deal for prototyping - it isn't, but confusing since the right click grab of the public dropbox url defaults to https ...

Or alternately, just pull all the CSS and JavaScript libraries into dropbox itself, where they will all be hosted over https, and of course you'll have the added benefit of not having to worry about the remote CDN (content delivery networks) going down.

Anyhow, this just seems to be Chrome at the moment, and doesn't affect things like safari on iOS etc. allowing us to continue to get web apps on mobile very very fast!